Malware Analysis Report

2025-04-03 14:27

Sample ID 241218-j92y1s1mbz
Target faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118
SHA256 a777c2ee5d674998b0b994c4107c1581101d98269c4be374acea9fd009ed69b8
Tags socgholish discovery downloader
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a777c2ee5d674998b0b994c4107c1581101d98269c4be374acea9fd009ed69b8

Threat Level: Known bad

The file faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-18 08:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-18 08:22

Reported

2024-12-18 08:25

Platform

win7-20240903-en

Max time kernel

121s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 1ae73ef65e56d8982f830dc836a023cb
SHA1 fe05c2be30daf142ae78b55204714e0671d24087
SHA256 773a9610194dd644b8a433cdf1c4ba11547a713da66380f81c1f135d81e78b92
SHA512 0e1b3c7e0739fe66f270b61bf0233b869035a864b332337dbb930e9976b6718ae1439e5e6355c120b9fb65cbba86e78f8c52dfdb51cebf2aaec822028afc274e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c6150925cfea5941ddc7ff2a0a506692
SHA1 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
SHA256 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
SHA512 b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3465334d4cdcff35b314cd8d4f07d595
SHA1 d78fdf9ea674bb9ec436da634ac6483b0ff6333f
SHA256 64560afce472e627e29d1f5ffbc8195872b01c16106d01ee50f5b72f8da96d37
SHA512 eee94e33ffe4286a4e77c6ad757174dace1bb850e27697c77115820306b6a99c34275612a60d8f8ef64657712f15ff1a1bbe81ac03eb620baee6c99efae2218d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5512d9e54aae9af746061686dddcce1b
SHA1 3d3fa15d18e0b7eefd5fcabb5db3683ff937b9c1
SHA256 aba121e9ae15366810937317fc1d263e5b4f3cbe49f40dd0e8b35112dc2d7ac1
SHA512 555b904e0f101042b06344add23dd13cd7763316bf1f808356c363f4a5a4a928de2d77cadbfd11645cd1962db6256ad04c077abd2e9d4dfa3edf2eb55a94788f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc495aee4e718fe7b84294a2abbf35a4
SHA1 7cc1ced712280d39a2f528530d3992593ad7ae1b
SHA256 856fcd5ba656a1257c9ed6d947d4bbe9000f6d2bfa17350cb3c1ab5b39e4c9da
SHA512 733aced9f3f82b77e2941379a66cb3536ecbf73f293fe67fd1ac13ffea35beb37ce8dca390d5897c81b9b36369e85e7fd6034d2302b2d07d420c008b9f50f28e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e22cd3640c03f5a429d3e63425d25aa
SHA1 fade7c93925ae004683459918d2df8088942cb0b
SHA256 7d2518ddb22bf03a99497e83e42b53a0b54f94c416e9dec544318c98373668e4
SHA512 0a8a4f24c56d406f619380378fda2c21f29542100dbd3d2678a7448821daa9649636cdb960a0b75d4895bfcc6f4552b3491f7d9f49f08a6dec9b7d8fe464f96c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VY4AODIW\chatroll[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\jquery.min[1].js

MD5 a34f78c3aecd182144818eb4b7303fda
SHA1 6fca78dac2797c02d86a4bf6514eda398b7dbe62
SHA256 c784376960f3163dc760bc019e72e5fed78203745a5510c69992a39d1d8fe776
SHA512 ddec07100503fdad6655d4e90aaac246719e9667611b35b112e4694e2671b43f4c4ef0b87371d3a6e173f7ade9dfd2058e5e165a41c3a250007d49ec18f2419c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23d916df79fb29a8e5de9b6d94130bf1
SHA1 53a938d554c4d0d046d3dd8111f35878366b6dd9
SHA256 fc8bf4e532bd696495786f0f3cc6a41595a8a7184b06d89be17131ca220c5603
SHA512 b95edbbd947480d075a5c3db9150f585629eba652bae46d8f8270d554d4200e4accfd640119d8f352411b4d227f0b745a7d654dd2709c3f09eec92c6f07ee27b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aadb499f244698ac710a265cabbec3a9
SHA1 fe21e44579777b4374096d8b1f14d3b259c51eb3
SHA256 4604669ef2e5d915ce4cf671ec6d2fb932d2934e0ebf1426d7dbc84066f38c45
SHA512 e0157b57402d5e1e1a04ff40bb6d3480609dc994a5234951c8f753e967cd89cdd6d8753ba0fb20a1967a18b85f1ca6f8442e64dbb77d27352596b169962d7680

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32c2a2fd4af98eb04845a5e77f45dd8d
SHA1 edbe9b89d0b83a3ee4445d592d465e03034f3235
SHA256 5af21fb4c66cddd6fde3397aea3a55cdc2e7d226788c99601f49b4f34360c53d
SHA512 597de52f0466cf619c5a49569b52301efd3fe7765684552f7c736106360e377805d483cf252a0ad61b6e4632fe0d55dd4f61767b922f40057b1a6a6b82d8c97f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f422a4974cf5e02868d9ba95f08c3f57
SHA1 eff5d8c8371d2a86e7d7f958caab42ddba2de377
SHA256 9baf6d0b411e6451879ec4ea80ccd7a7599e8d7fe4928df753fe696224c6cf7f
SHA512 ebdd85c3c453d749a0ffb4f576b111b021149f1852a73f8c604f039306c431831829019f2eb1b44fcff2d0d11747db8303650ba27b47a269dadabd853f6e4c3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16c54d48731cc9953bc4eef2205642a6
SHA1 01824e9e147f6ad83875dd9492d3ea820754c502
SHA256 b259bc99696875843a6ace63336edd41f1c28250385beba665df713e071f3aa7
SHA512 f5c3d227be59da7cafca2455dd7b2d2c778264d59ffa7f835b0d8f6a3c24425f10d32e9382c445c070d8071efad6278ec01d22f96d4516d92fd32416ba0a5a7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9059992c668ca2a329dd9686f9e0b5c4
SHA1 711739043b6b0e43ff35699cc187f0fce59d71a0
SHA256 e3f7320aae9a90f2e43679aa502c5d6bcb01e8e63c1d710bb10c1c313f0a5086
SHA512 445bf6f31deb43260eebc6220354f6fa757b3cd3c374d6f5e8c32c8da4853855e3694228f100fff0f5e506a1e18608a1864444aa87f65345e00954200773994f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22ecbd13c5e8a642f2378fd1eb550bf5
SHA1 385dfb712caf14b6000dcc61275c0e922469abf4
SHA256 71e9a810735bc437fba9711f3ea316d2e42358642cdda19baa7f321069836762
SHA512 15905ae85fb7960b090a58873aff49b8de436c8bf8416bf635f355c7ffe10d485d2ceb6cfc24773563a6b85f59823afb5c440e4e494a1b606774d4c015f91d13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 706d2f164d240c383c163a410ba76560
SHA1 767198b24f034b78b3a8d713586276b296814dfa
SHA256 7eca6005af5b84129e769a4fc32a1ae0a1024cb68409ba1dc1362332fa63d65c
SHA512 e798960e16c624b38f23764d6be0d2c0c17344a91516c31e77fcd31407c5a77abf8e291c2d00ea73b60c2d36b477e85df5a79d38f56931b50e5f059a261b339e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03da6edd997c591175ab3532ebfb025f
SHA1 385e8b99a5588f617f49f5f4ac74f1c3fbbd4c2a
SHA256 f4512e94f7320a5429864e86a686a54c9e2261a9a0237b93ed3956e5806b80f2
SHA512 3142e7ff34a6dffb2dc1702a2e3f325cbb9df63e6a90cbc807385a6fb9d56be6c9e45a91f74e0dbc2843366c70e8efffdf0d27504060e0e24235829bb7af3aa8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4eae5d72476badc5b49d473e946025fe
SHA1 54eeae8bb9f0eecb5a91597e442ca4bc57b61438
SHA256 e0623f911bd0df2b9c3a48fdec0e23aff0e30df790bf1e84c2dd28ca5aa2c756
SHA512 b691256dd1184ea168e46957cc16974f499703a992ce626acc353ab9a05f0d893060458b35835b9096013a03e442fbebf06095b656bf648aacbc2406038c247e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\platform[1].js

MD5 da179f14fa23524b7a46d44fdf71eb47
SHA1 238c5064c2139e8a754cf74e44ea46ab4db5ebf8
SHA256 0d205e3611c526c7d6f6c936609ebe4a3979f8226f1ae2861629333cf078aa8c
SHA512 561e6ccef7acbda472f876ee9aa4fb0725327c36d8e610ee6c370ab14a7fce63301a3d28a50d9c2a3d2c3c4a668f063370cc2d8967128131c1ad3ca3f0ecadd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5302ceb25b64c827874f743f064da5dd
SHA1 77c5933b4a786b4c8f2ecd15fd1478f502526823
SHA256 2b7437abbf7d177545022eb202d4bf449192c5329ed8e071e852ca6aa8ecc3ce
SHA512 d6aed72042f17be7056577b22e8501b7ddb932b2c08f992d74247d731c308287b7603fad8c5c6a080a9ec0779497828a47a69db26dc20caa575229fd7983b021

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f3586db67b94ba574e59238a24a20c1c
SHA1 e01ca91e35cd6b28fd87cd60743fddd5577882dc
SHA256 d8d6c176141d333df7c8227f031c40a03a2637c2bf57a9823e97bf1d871148d9
SHA512 931e1bf523e1d2b8a666394000ea36c8e74b1d36ded70241d07353a4a51c7c88822f700e03a903444cac6a92946d5ed5f1836d73f418264a97654b62cb5bef4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\all[1].js

MD5 9ea68687512d6ddde23bbb71f84b2914
SHA1 de93171666e5614ddab37e2026ee21e82791f9fe
SHA256 050d61c753263fb58b225edd36b9134dd57d2b0badd6b999434d4daaedc3fa95
SHA512 ab2a14aeeae9e0ff6b7682835f14629eb45e4014abcbad7447aa18c1cdf3dfd28d363b318bfaadb8161112eeaed40134a2549005452e83f3761e01c061d5357b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 276de3bd7e52e658d73fea02a7853117
SHA1 7c54ccb59fffa63690a825047dab52507e3e99ed
SHA256 71b043fd1922105de25722148bd266f60a63fdf5f0d7b382b013516f4b627772
SHA512 03ba0e8c343072f5b4a07f59c1055a2e14923a7785c3c082d7bc7e8e929e10b5402c3ed9f46fdd305262970ed9f2fe385741574b2dcccf54623a50f82aa4a095

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\cb=gapi[2].js

MD5 4b631ff88bd736ff7ee1d027c647d328
SHA1 0ccec46ba9b399fdde5cac07e68d87165a144ad4
SHA256 7d1ce7035000d38d825e3ee7cf8d8eb6971561154ff5d48fc3896523074a8601
SHA512 a3aee28a91b3cb5d9b1c99d0c4a51abdcae5fa486373de02233ea0b947aba3052c1cb44ee66cd92dc905680e5568232e1edc0608069cca94602748f406163087

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5baa175f26ed77780a4407cd340e19a1
SHA1 fa7a69b193cac7ddeb40b623d68675e228e1a54e
SHA256 0d78c0ef8ce28baa38d9e42cab09e46b85c8c9c3747deb32bf2c13c21fc6c555
SHA512 237ccdb6ca64f830f5e44ee1b725d333f2ba5ab1348dd10753f49d57a32f2bc66b4ffd2d37343dc48edd190b0c7ea242fab2694910c65fcdcf6fb3c2bdef8a86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0158dd5ce4ef1f67788f73888d44d97
SHA1 de221a44fb2d09fcd05cbae7c4d3b08f5e0f5169
SHA256 3f0085be44995a15e5efc0134b7394f53b20ab0a90c6cb484ebfab21c1c8c430
SHA512 9bcc871f67f8b16b4d0c462c54f1637ab6d265e522e103113306adb7263b6914ffe7b291df841537ed198d842588935693def3702a9a28e2610fcfe0c2dbca65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff5c12265870cf7c51d302d21ccd6887
SHA1 98fe18ea84b1ee55efce7ee816ae0fa071a1fa24
SHA256 d14adcaea3c8096f07a225d4df56d67f4af77489535adc16643a378643c3eb65
SHA512 2f3bc4b9582be769856050780a799bb79d16ecdf12e49776f3902c8c0263f1948acc2b86e9ab40a3b26adaa8f877fa6e39925f0837653c99b0cdb7f54d1e95e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bffb69c9e4bb6e657060095a31f83b3
SHA1 0deb7d021c65d631bd1f7d63d8f538cdfce3dfa8
SHA256 794b04b9536a776946d812d260d9bc78cf90ca83804462638f696038bfcdd117
SHA512 942796ca6f4476be580b62b85d4896bdf241ccb8ac3ce8166a1d30ebfa4dde2fcdd85ca7c2cf22c8b136eafb97da547549e557763ffb5076333b2d8f2b3b7936

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef5445590b1bfbbfb601dfee01309d64
SHA1 efb2daaa687c744e6a7520c30553819d50527772
SHA256 8c958cf8a547dda6e4bafba7899617ce1ad5931c5b5bc6abbee304ee470ca967
SHA512 0d9111db3a21928025e099547de57fc079e741ed295b4fe39959b66f7aec974aca3d1e529d57e71c6ba23d8aa5e8754d4c677ad1f7cf1608e9f3a2a3f2d58d13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0179dd6c7375272217a444b42a05bbfd
SHA1 512c7470cb15639fd1551f77114d97f2c58e8ac7
SHA256 ac2fc1df7d5df7b2b5f717195371a0ff0cd55463d06f16628c028bd4802b8f2e
SHA512 b138334a8d303b00ae093f273a85e564b3845f9bbadfed6fa1c83d5ab7e6c8fb6bbe773064d6ee3c44b0d29f6cb28f8036174cb7772edd3a5cf21d466f2bd58e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94f522587381bf927cd90af0eab9b9d1
SHA1 f7b2b47c974d80946d97d6f7d7912bbb9316460b
SHA256 eb4d8b57fbfa9e269a6a6fabe8287b3f0e159e270627e49ae13d4506a7db8497
SHA512 f0498792d5694499b29a0ad02909a86b14ce3d65267cdd552ba063b2fe00e8a86377b3f5c4adee734c60e12e1e583043b52d4fef499057848f5a3713565e24d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3062980430f41bcd48091e46c2b055a6
SHA1 ee8255c827bde4fe06b0e7e22c83671045de095e
SHA256 0c17d022f601853bb96c42300b9d9795c6ed04bbff0454f5210e13434f980072
SHA512 dd5cc01d412b6d68c59361b05c0a81045735981ca800766912e3b027250dc96bc1d8edf4afc7c1df82e3239e751020cc07288d634a2cd612a82d9d2e41718448

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c3e16e6c3f966d665f98b0c77c1e5f3
SHA1 095b9676a17bccedcf3745e61b03340399278fe9
SHA256 7356792d8aa83b5804b864722c8006d2b0dd93049ac1fa622ed370fd9b3930fd
SHA512 7ab87565f17ad74e9950d6c9301f69ade0037d8c670b3d7c2db1397c660f8aaf2982c9f0922e554f0415d84d6e333885988fea517cfd895bdb7674b4929fae2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17f593f17e40dcadeeb7ce59ac5b5dd5
SHA1 0678c9e4ab102dad712c3a574627fb3a233da350
SHA256 638fca40c370dd556ed0bb86e4d2a1140901ab2a9920d10fe97809750d99bbb1
SHA512 2845b4beb982a2cc21530249cab1efa774a52488fc8c4b3bbe99042fd25145ea98bf8fbb6eb287ac901f4eaeddc84d8f18a5277a7f0ed71ba8b7345f97229cd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d52c91554458905e51035565c55d8056
SHA1 9cfa572156dc9fc8eb5c154d6c2a76a159315762
SHA256 55fccebd0067fd6fe3ff9e572852e77d710fbe7bfd3c63710ce7806d619e2e05
SHA512 450623672a7ea9dcf89d2fe46c9eb389830f8c7063a9d1b8ccfc17b0623f0cf96bdc9fa8228cce01f61223485d1a4b7636b57f4041590900bca56b8c134b8a03

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\favicon[1].ico

MD5 871c1f2e03f0d59f06d5d5262ca7a337
SHA1 546bff947a8917533e8a0ec56c689bb364e0cd11
SHA256 2fa2f956b179e8c6009c18d6e25c7bdb2b9e946ab9a8df2f3ffe35dc7244d4d1
SHA512 f86d18613ee477dffc952a4a73ef85ae3a7e87c64b03a6a88723a7c1d938cbdb8c543775d1d3196d4cd0986dca02525b989b924a0f6898586f2e1aebda799422

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9fajjbh\imagestore.dat

MD5 051212ca9f181547977569b6074e96f1
SHA1 ce16ef6d1b7294c76faa31a116152d13368f766d
SHA256 52c1bdecfe6383d1753f10b696d02f929b5779b5d25585606200e891f1460ed0
SHA512 cc84450b3b5270365af4cf4b9f1cac480828ec4f695ab7dbd7e7bfdc6f496de83c65294b20e66b5e2f13eeb5c2a3f65d00316de2f582286f7e4018df34b5fcbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b9237d852d95c0202318debb4ec5ef9
SHA1 ae222e68f5275aa0e053ae5c70f5f69d940c5b82
SHA256 b3dbe2d4a399122d0755be7d66a3ba917301c524edfb580ffbbcdeae7ac1755d
SHA512 0de6b0554f79a91e408ca9c15acd2eb65cb820bb7315c9c96c8089a68718e6ed6a402de551f5060bf7c0d8870a6d5f2ffc65ee9cc4f339e51a1f70c47ae38777

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d18cc2784d3350127c878d35a533d5f3
SHA1 0afd411b4273eb5ce5193e5d0768ee5a71465ca6
SHA256 98b2b939387ace40c8be1b321f8c0e186b8ee724bc446a7c2644a65808c7e35f
SHA512 4d64936613e571a60157d801a903c6eb93e113caf949b56490aca6604266c20299f3191ca8c5e15cd5db4b3c17a5b79f5446bc4a2cab24448acb7ebc77fd621f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ece86ff35d8d66614462c848567efaac
SHA1 6ae8e8cd335a2d0f5b9f68caca64150f573af33e
SHA256 820cec5949e3b81850be1ee1cb865b790b4b256c02611a8615061bbf51ed546b
SHA512 0995e9d736e21a76ce511573cdb02bbe2cb65e25ffebce3659862ca779549e192b15d5467d4418134b82e9abf10bd725c3cd090fe1efa1aa76dbee476cc2187b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7b437dd5ffad5f53fb8b9b1fdc61144
SHA1 b739d7ef33d384f94325087d934c6bffaeec7696
SHA256 8d49c4754530680520aea67685924a7b8bb1ff79883915d6da7bd22984278e43
SHA512 9df2ba2b354853389c76d79e0a00534ddf7069758346abc4227e58fe23fa096a5fb3a722307c6113bd3b1bcc34ab545aa08994bade66be55bbc41b544d3fbaa9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e061d803cfc0af4a5a6ac562494708f6
SHA1 5f33bc8a096ce180bb619c256a63c790c5035ea0
SHA256 5c74b72625dac9af9aa6f6084b1703c22f2dc3dbed992f6f74b0e05f177c3b3a
SHA512 81d838b5c6ceb4b5d2db53c0d2502e20de3f01553a5db59b824c94252c4b54db5fe003182016866e6b7c43e4fafafc74944976bd03f8dfecf0b539d87f23a749

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0eb9c6ae2c851e985bd7bbb1bfe0b40a
SHA1 4a499c0ea0d8b7daba2ed34676628bd7934fd8f2
SHA256 a78b2edc8c26ecacbdf701d9fd7a2711baa3a3e0c16253099b235cd2633a1e94
SHA512 6eaf40257723c513960b234bc9646b7cfa0fbe9b1c9c259ee18a310838a36ab617c656ab4d06bbcecaa911abca2ada777e6e2117c72d8d542d6c1c8b583a95d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6c34ba6ac4651ff75d81c650654f016
SHA1 2648270850f9eb913220f34df3bfa11176da1a3e
SHA256 699db7e1924dd466bb8cea83c0c8bc4aea8b7c36c75c07d46a4ff9df9515dfd6
SHA512 134230c780783624822b88e807d72f62af510153d772c4000c19a6eeccd93b74b1335636a2d5c776ddd014e81ee83ce2541744c5519415bd72852725fcdbed7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8575beb3350ec2050f1ebecbc8fa86b6
SHA1 6229857b0f1bfe6fce294eb96a9411e83266da4f
SHA256 696ee8de05c9553410c965ad05c2b0dd25d41373e2223700e33ea61a8fdff495
SHA512 fd7f34938ecf490cb417dbf820fd3c14e0710670c416edbe9888b2b0a6f3f3079da3277818e674a7fa37573434193d60c504948241844f7b035ca99f1baec424

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XVGLCHCR\www.youtube[1].xml

MD5 647f1c307ff5c9425f5ef21d1c0202fb
SHA1 d21b0af7defcbff20bf38c1dfa000c30bd7c04be
SHA256 3c074eb0ab0e0c4cbcf5d79b8fbcf3e5f624bb54266cdae8abdf9860abe5a739
SHA512 91053452d8bdb2659b3c9156af45e9696d14a4631eb87e515a3ccfc1c5b94332855285490b27f8754964e3aab13e5de2da5f88354f5e0f9beaa826b1d1cb9c88

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-18 08:22

Reported

2024-12-18 08:25

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 744 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 744 wrote to memory of 4980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 744 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 744 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb566e46f8,0x7ffb566e4708,0x7ffb566e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4776 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c8 0x510

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6516 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_744_VINOGMFULJAPVRPA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1baf6f8e-62b2-4f38-9fa3-84936d19a6ae.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58848d.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
